by not logging in automatically when `auto_login` is `false` and we're
using anonymous, external or prebind authentication.
For `authentication` set to `login` the situation is much more
ambiguous, since we don't have a clear distinction between wether we're
restoring a previous session (`keepalive`) or whether we're
automatically setting up a new session (`auto_login`).
So currently if *either* `keepalive` or `auto_login` is `true` and
`authentication` is set to `login`, then Converse will try to log the
user in.
even if the `_converse.bosh_session` instance does not exist.
We do this to avoid trying to reconnect with stale tokens upon
reconnection. Especially relevant for anonymous connections, but could
also be applicable when switching between websocket and BOSH connections
when reconnecting.
Also renamed `startNewBOSHSession` to `startNewPreboundBOSHSession`
It's unlikely that `keepalive` needs to be set to `false`, but there are
some edge cases where it might be useful.
Here's a breakdown of the different configurations of `keepalive` and `auto_join`:
---
* auto_login: false, keepalive: true
This is the default config. Users need to log in manually, but then
Converse will try to reconnect them when the page reloads.
* auto_login: true, keepalive: true
Also very popular configuration. Used with `credentials_url` or `prebind_url`.
* auto_login = `true`, keepalive = `false`
Not sure what this could be useful for. No currently known application.
* auto_login = `false`, keepalive = `false`
Useful when you want some kind of specific action to trigger login, but
you don't want to maintain that state across page reloads.
Also relevant when using a websocket connection with anonymous login.
With websocket it's impossible to maintain anonymous sessions across page
reload because the the session gets removed server-side as soon as the
websocket connection drops and the server won't accept a full JID with
password for an anonymous connection anyway (which could happen upon
page reload when Converse tries to login in again if `keepalive` was `true`).
triggering connectionInitialized.
That way, when listening for `connectionInitialized`, we'll know when it
fires whether we've attached to a BOSH connection or not.
If `auto_login` is false, we shouldn't log in, so we only try to log in when
it is true. Otherwise we still try to restore the BOSH session (if applicable).
- Split between `login` auth and the rest (`external`, `anonymous`, `prebind`)
- It doesn't make sense to pass along credentials when not using `login` auth so avoid that flow.
- It's not necessary to pass the `reconnecting` flag to `attemptNonPreboundSession`
